Browser cookies

From LinuxReviews
Jump to navigationJump to search
Web-browser-cookies.svg

Web browser cookies are small pieces of data websites can ask web browsers to store in order to track who is logged into sites, who has seen what advertisements and other information a site may want a visitor to provide in order to better server or exploit them.

How The Political Class Believe Web Browser Cookies Work

You go to the store and buy milk and coffee. You then go home and relax. A employee from the store breaks into your home and places a note under your sofa saying "Bought milk and coffee" once you fall a sleep. That information is now stored in your home without your consent or permission.

How Web Browser Cookies Actually Work

You go to the store and buy milk and coffee. Everything is all dandy until the the person in the cash register makes an odd request:

Could you please write down that you bought milk and coffee here today on a piece of paper, store that piece of paper in your home and bring it to our store the next time you visit?

You can, at that point, say Yes! or nod your head and leave without writing anything down.

That is how web browser cookies actually work. A website can not force your computer, phone or any other electronic device to accept and store cookies. It is entirely up to you and the software you are using if you choose to accept cookies or not.

Some websites, like this one, will not show advertisements utilizing third party tracking cookies if a web browsers send a Do-Not-Track http header. Many websites do not respect that header. However, no website is capable of storing cookies, or anything else, on visitors devices unless their web browser software is configured to allow and store cookies.

Use-Cases

Cookies can be used to store very simple text strings such as username, session-id and values like that. They are widely used to track login sessions on sites like this one. Cookies are also widely used by advertisers.

Third-party Cookies

Cookies could be relied upon for cross-site tracking using third-party cookies until early 2020. We can place scripts served directly from third parties in the HTML code served by this site. A user visiting linuxreviews.org can therefore be subject to script served by www.trackadvertising.net (or any other similar service). These scripts can set third party cookies that are valid when the similar scripts are served from www.trackadvertising.net when that same user visits a completely different website like immortalpoetry.com.

Many web browsers started blocking third party cookies early 2020. The Brave Web Browser, Dooble, Mozilla Firefox and Apple Safari all block third party cookies as of current versions July 2020. Chromium and many web browsers based on it such as Google Chrome do not block third party cookies. It is interesting to note that Chromium-maker Google, the only major browser vendor who still allows third party cookies, happens to own the worlds largest online advertisement network (Google AdSense). Google has stated that they will forbid third party cookies in Chrome and Chromium by 2022. Support for third party cookies over HTTP were removed in Chromium version 84 (third party cookies over HTTPS are still supported).

Enter The Web Storage

First party site cookies were essentially deprecated with the advent of HTML5. HTML5 introduced the concept of a local HTML Web Storage. Web browsers allow scripts sent from a website to store huge amounts of per-site data, 5 MB at minimum, in the visitors web browser. What cookies can store is really limited in comparison.

Web storage is limited per origin (per domain and protocol). It can therefore not be used for the same kind of online tracking third party cookies can be used for.

"Do-Not-Track"

Most modern web browsers can be configured to send a "Do-Not-Track" when they request pages from websites. Web servers can care about this header and check for it or not. Those who do check if it is sent can act upon it or not. It is entirely voluntary. This site will not serve any third party advertising scripts if a Do-Not-Track header is sent along with a web browser request. Other sites may or may not care.

Mozilla Firefox supports sending a Do-Not-Track header when it requests a web page but the functionality is not enabled by default. It can be turned on using the about:preferences#privacy page found under Edit ▸ Preferences ▸ Privacy & Security. There you will find the option "Send websites a “Do Not Track” signal that you don’t want to be tracked" half-way down on that page. It should be set to Always instead of the Only when Firefox is set to block known trackers default.

Chromium based browsers have the Do-Not-Track setting hidden under Settings ▸ Privacy and security ▸ More. Flip the switch Send a "Do Not Track" request with your browsing traffic to send a Do-Not-Track request to websites when it requests pages.

Links

Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.